Microsoft Azure Documentation

Introduction to Azure Management

Azure management encompasses the tools and services that allow you to deploy, manage, and monitor your Azure resources. It provides a consistent management experience across Azure and its connected on-premises environments.

Azure Resource Manager (ARM)

Azure Resource Manager (ARM) is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. ARM offers features like:

  • Declarative Deployment: Define your infrastructure in JSON templates.
  • Unified Management: Manage all your resources through a single portal, API, and CLI.
  • Role-Based Access Control (RBAC): Granular control over who can do what to which resources.
  • Resource Groups: Logical containers for your Azure resources.

Resource Groups

A resource group is a logical container into which Azure resources like virtual machines, storage accounts, and virtual networks are deployed and managed. Resources in a resource group can be managed as a single unit. You can:

  • Deploy and delete all resources in a resource group at once.
  • Apply access control policies to the resource group.
  • Tag resources for organization and billing.

Resource Providers

Resource providers are services that supply the Azure resources you can deploy to your subscriptions. Each resource provider offers a set of operations for the resources it manages.

Common resource providers include:

  • Microsoft.Compute for virtual machines
  • Microsoft.Storage for storage accounts
  • Microsoft.Network for virtual networks

You can register resource providers through the Azure portal, Azure CLI, or Azure PowerShell.

Azure CLI

The Azure Command-Line Interface (CLI) is a cross-platform tool that connects to Azure and executes management operations through commands. It's ideal for scripting and automation.


# List all resource groups
az group list --output table

# Create a resource group
az group create --name MyResourceGroup --location eastus

# Deploy an ARM template
az deployment group create --resource-group MyResourceGroup --template-file azuredeploy.json

Azure PowerShell

Azure PowerShell provides a set of cmdlets that leverage the .NET Framework to control Azure resources. It's a powerful tool for managing Azure from the command line, especially for Windows users.


# Install Azure PowerShell module
Install-Module -Name Az -AllowClobber -Scope CurrentUser

# Connect to Azure
Connect-AzAccount

# List all resource groups
Get-AzResourceGroup | Format-Table

# Create a resource group
New-AzResourceGroup -Name "MyResourceGroup" -Location "East US"

# Deploy an ARM template
New-AzResourceGroupDeployment -ResourceGroupName "MyResourceGroup" -TemplateFile "azuredeploy.json"

Azure Resource Manager REST API

ARM provides a RESTful API for managing Azure resources. This API allows you to interact with Azure management services programmatically from any application or tool that can make HTTP requests.

Example of getting resource groups:


GET https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups?api-version=2021-04-01
Authorization: Bearer {token}
Content-Type: application/json

Azure Policy

Azure Policy helps enforce organizational standards and assess compliance at scale. It allows you to create, assign, and manage policies that enforce rules on your Azure resources, ensuring they adhere to compliance requirements.

Note: Policies can govern resource properties like location, SKU, or tags, and can enforce specific configurations.

Role-Based Access Control (RBAC)

RBAC allows you to manage access to Azure resources. It provides fine-grained access management of resources, the ability to grant the least privilege necessary to perform a task, and the ability to separate duties within your IT staff.

  • Roles: Collections of permissions. Examples include Owner, Contributor, Reader.
  • Assignments: Granting a role to a security principal at a specific scope.
  • Security Principal: An object representing a user, group, service principal, or managed identity that is requesting access to Azure resources.

Azure Monitor

Azure Monitor is a comprehensive solution for collecting, analyzing, and acting on telemetry from your Azure and on-premises environments. It helps you understand the performance and availability of your applications and proactively identify issues.

Tip: Use Azure Monitor to track metrics, collect logs, and set up alerts for your Azure resources.

Azure Advisor

Azure Advisor provides personalized recommendations to help you optimize your Azure resources for performance, security, cost, reliability, and operational excellence.

  • Performance
  • Security
  • Cost
  • Reliability
  • Operational Excellence